Tools

Seeds/Roots

ASN Enumeration

  • bgp.he.net
  • Asnlookup
  • Metabigor

Reverse WHOIS

  • whoxy.com
  • DOMLink

Ad/Analytics Relationships

  • builtwith.com (also available as Firefox addon)
  • getrelationship.py

Google-Fu

  • Copyright text
  • Terms of service text
  • Privacy policy text

Subs

Linked and JS Discovery

  • Burp Suite Pro (or ZAP Proxy?)
  • GoSpider
  • hakrawler
  • Subdomainizer
  • subscraper

Subdomain Scraping

site:twitch.tv -www.twitch.tv

site:twitch.tv -www.twitch.tv -watch.twitch.tv

Subdomain Bruting

Wordlists
  • all.txt
  • AssetNote -> commonspeak2

Favicon Analysis

  • favfreak

Port Analysis

  • Nmap
  • masscan (faster than Nmap)
  • dnmasscan
  • Brutespray

GitHub Dorking

  • github-search

Screenshotting

  • Aquatone
  • Eyewitness
  • httpscreenshot
  • WitnessMe

Subdomain takeover

  • can-i-take-over-xyz
  • Nuclei
  • SubOver

Automation++

  • interlace
  • Tools by TomNomNom (e.g. httprobe, meg)

Frameworks

S-Tier

A-Tier

B-Tier

C-Tier

MISC (to be cleaned up)

  • WebScarab
  • Recon-ng
  • GitRob
  • CyberChef
  • OnlineHashCrack.com
  • idb
  • Wireshark
  • Bucket Finder
  • Race the Web
  • Google Dorks
  • JD GUI
  • Mobile Security Framework
  • Ysoserial
Last modified 16d ago